On Fri, 12 Sep 2025 13:18:25 GMT, Sean Mullan <mul...@openjdk.org> wrote:
>> Artur Barashev has updated the pull request incrementally with one
>> additional commit since the last revision:
>>
>> Update comments. Remove unnecessary variable assignments.
>
> src/java.base/share/classes/sun/security/ssl/X509TrustManagerImpl.java line
> 475:
>
>> 473: // Omit checks if EE cert is also a trust anchor
>> 474: if (chain.length > 1) {
>> 475: AlgorithmChecker checker = new AlgorithmChecker(
>
> Another option would be to add this `AlgorithmChecker` as another checker in
> the `PKIXBuilderParameters` when instantiating a `PKIXValidator`, and then
> the `Validator` would just call this additional checker when validating the
> chain. But this is a bit more complicated because the caller can pass in
> their own `PKIXBuilderParameters`. But noting here for reference that it is
> another option.
I put together an alternative solution that avoids duplicate calls:
https://github.com/openjdk/jdk/pull/27262/files#diff-c691895596058f5eb4ec609c75ad83ef4a16da85ce6f3499ca89ef412eab15bf
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/27146#discussion_r2345080596
